10 matches found
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: jfs: Prevent copying of nlink with a value of 0 from the disk inode. syzbot reported a deadlock in diFree. [1] When calling “ioctl$LOOP_SET_STATUS64”, the offset value passed in is 4, which does not match the mounted loop device...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010936)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010936 advisory. In the Linux kernel, the following vulnerability has been resolved: loop: loop_set_status_from_info() check before assignment. In loop_set_status_from_info(), lo->lo_offset and...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013346)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013346 advisory. In the Linux kernel, the following vulnerability has been resolved: loop: loop_set_status_from_info() check before assignment. In loop_set_status_from_info(), lo->lo_offset and...
Improper Authorization
Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Improper Authorization in the overrideStatus request parameter, which is processed by the setStatus function. An attacker can bypass administrative moderation and...
HTTP Header Injection
Overview: tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed. Affected versions of this package are vulnerable to HTTP Header Injection via the reason argument in HTTP status handling. An attacker can inject arbitrary HTTP headers or execute...
DEBIAN-CVE-2023-53820
In the Linux kernel, the following vulnerability has been resolved: loop: loop_set_status_from_info() check before assignment. In loop_set_status_from_info(), lo->lo_offset and lo->lo_sizelimit should be checked before reassignment, because if an overflow error occurs, the original correct value will be changed t...
CVE-2025-61729 vulnerabilities
Vulnerabilities for packages: helm-operator, nvidia-container-toolkit, opensearch-k8s-operator, kubescape, harbor, terraform-mcp-server, kube-state-metrics, sftpgo-plugin-pubsub, aws-nuke, spire-server, harbor-cli, sftpgo-plugin-eventsearch, grafana-operator, openbao-k8s, jitsucom-bulker,...
PT-2025-18422
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.12.0-rc7. Description: A deadlock vulnerability has been identified in the Linux kernel, specifically in the jfs file system. The issue arises when the ioctl$LOOP_SET_STATUS64 function is called with an offset...
CVE-2018-16449
OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via admin.php?s=/Article/setStatus/status/1.html...
British Columbia Institute of Technology CodeIgniter HTTP Packet Header Injection Vulnerability
British Columbia Institute of Technology CodeIgniter is an application development framework and toolkit from the British Columbia Institute of Technology for PHP web developers. An HTTP packet header injection vulnerability exists in the...